Results 1 to 14 of 14

Thread: I've Been pwned

  1. #1
    I've Been pwned
    Rod Sprague's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,774
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    I've Been pwned
    Received today, along with explanation from https://www.troyhunt.com/

    You've been pwned!

    You signed up for notifications when your account was pwned in a data breach and unfortunately, it's happened. Here's what's known about the breach:

    Email found: DELETED@gmail.com
    Breach: Mac Forums
    Date of breach: 3 Jul 2016
    Number of accounts: 326,714
    Compromised data: Dates of birth, Email addresses, IP addresses, Passwords, Usernames
    Description: In July 2016, the self-proclaimed "Ultimate Source For Your Mac" website Mac Forums suffered a data breach. The vBulletin-based system exposed over 326k usernames, email and IP addresses, dates of birth and passwords stored as salted MD5 hashes. The data was later discovered being traded on a popular hacking forum. Mac Forums did not respond when contacted about the incident via their contact us form.

    Not the first time. Just FYI for everybody.
    I used to be conceited but now I'm perfect.

  2. #2
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    57,751
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Mojave
    We already know about that Rod. The so called data breach occured when Penton were the owners of the forums. The information at the time was not known but later on we found out about it. The web site that's spewing out those notices does not have all the particulars and they're causing hysteria among our members and members of other forums, not just ours.

  3. #3
    I've Been pwned
    Rod Sprague's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,774
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    No hysteria here. I'm a subscriber to Troy Hunt's page and that gmail address had been hacked ages ago. He further adds :
    Please note that it is not possible to retrieve the passwords themselves from HIBP. If you don't want to receive any future breach notifications, just click here to unsubscribe.
    If people are interested they can just check on his page as I have for myself and my wife ages ago.
    I only posted this as a community announcement because it was via Mac Forums.

    He also includes advice;
    2 Steps to Better Password Security

    Monitoring Have I Been Pwned for data breaches is a great start, now try these next 2 steps to protect all your accounts:

    1Password
    Step 1: Protect yourself with strong, unique passwords for each website with the 1Password password manager

    1Password
    Step 2: Enable 2 factor authentication and store the codes inside your 1Password account

    Despite this being blatant advertising for 1Password (I don't use it myself but I do use another password manager) it is sound general advice.

    I wont do it again
    I used to be conceited but now I'm perfect.

  4. #4
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    57,751
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Mojave
    No problem Rod, and thanks for the additional info regarding the Troy Hunt page. We are already working to make the site more secure and should have more info on that in the near future.

    Regards, Charlie

  5. #5
    I've Been pwned
    Rod Sprague's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,774
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    No worries. I’m afraid it’s the world we live in. I received a Facebook notification last week to say an attempted login from another state in Australia had been logged, suggesting I change my password and Microsoft locked me out of an email account a month ago due to “suspicious activity”. This is the way of it. It’s worth remembering having an account name is only half of the info needed to hack any account. The worst that can happen is probably an increase in Spam email. SpamSeive does a pretty good job of handling that.
    I used to be conceited but now I'm perfect.

  6. #6
    I've Been pwned
    macgig's Avatar
    Member Since
    Mar 15, 2006
    Posts
    969
    Your Mac's Specs
    2015 Retina 4k iMac. High Sierra. 8GB Ram
    Blog Entries
    1
    mac forums hacked in 2016? I never got any emails telling me about it. not that I'm aware of. something like this, it would have been nice if someone sent out an email to all users? just a thought. guess whoever owned the forums then didn't think it was important to let users know? these days people try to keep hacked/compromised sites quiet so I'm not too surprised.

  7. #7
    " The information at the time was not known but later on we found out about it. "

    When was that that "we" found out about it? I found out about it yesterday.

  8. #8
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    57,751
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Mojave
    The previous owners of the forums did not send out a notice or at least post a message to the forums for all to see. Since the forum software requires a password change be made to your account every 120 days, that insures your password is safe.

  9. #9
    I've Been pwned
    MacInWin's Avatar
    Member Since
    Jan 01, 2009
    Location
    Winchester, VA
    Posts
    5,851
    Your Mac's Specs
    MBP 15" Mid 2015, iPhone XS, an iMac, plus ATVs, AWatch, MacMini
    Since the forum software requires a password change be made to your account every 120 days, that insures your password is safe.
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    Jake

  10. #10
    I've Been pwned
    ferrarr's Avatar
    Member Since
    May 21, 2012
    Location
    Pawtucket, RI, US
    Posts
    6,173
    Your Mac's Specs
    L2014 Mac mini macOS 14, iPhone 8+ iOS 12, 12.9" iPad Pro 1 iOS 12, Pencil 1
    Quote Originally Posted by MacInWin View Post
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    I also haven't been asked to change my password in a very long time. Is there any way for me to find out when a password was created for websites?
    -- Bob --
    Please backup. Everything has a life cycle, unexpected and warning free. Nothing will last as long as you want it to.

  11. #11
    I've Been pwned
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    57,751
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Mojave
    Quote Originally Posted by MacInWin View Post
    The forum has never prompted me to change a password. I do change it about once a year, but have never heard from the site to do so. You might want to check that, Charlie, to see that it's working.
    I believe it's also set to ask for a password change based on how many posts you make. I had to change my password yesterday. The notice I received stated that I had not changed passwords in the past 120 days. I probably also exceeded the amount of posts. It will flag you whichever comes first.

  12. #12
    I've Been pwned
    Rod Sprague's Avatar
    Member Since
    Jun 12, 2011
    Location
    Melbourne, Australia and Ubud, Bali, Indonesia
    Posts
    4,774
    Your Mac's Specs
    MacBook Pro Retina 13" macOSX 10.13.3 beta
    I always thought it was because I beat them to it but I haven't received a notification for a few years so maybe........?
    I used to be conceited but now I'm perfect.

  13. #13
    I've Been pwned
    IWT's Avatar
    Member Since
    Jan 23, 2009
    Location
    Born in Scotland, Worked in Scotland then England, Now live in Wales
    Posts
    5,456
    Your Mac's Specs
    Late 2015 5K 27-inch Retina iMac, 4GHz i7, 32GB RAM, 1TB Flash Drive, macOS High Sierra 10.13.6
    I too have never been asked to change my PW by our Forums. Although I may not be a prolific poster, I do post once or twice every day. Whether it counts for or against, I don't log out. I keep the site open as I use it a great deal during the day and evening.

    Anyway, life goes on and we do our best in a difficult world.

    Ian
    Ian

  14. #14
    I've Been pwned

    Member Since
    Nov 28, 2007
    Location
    Nambucca Heads Australia
    Posts
    25,159
    Your Mac's Specs
    iMac, i7 4GHz, 32GB memory, 1TB Blade, OSX 14.4 Mojave,
    Likewise.
    Using OS X.7 or later make a bootable USB thumb drive before running Installer!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What does PWNED mean?
    By jrichard012 in forum Schweb's Lounge
    Replies: 12
    Last Post: 04-06-2008, 12:28 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •